IP/PORT forward requests to another server
I have the following listening PORT:IP set up on my Ubuntu server.
12.345.67.890:3636
It receives requests perfectly, however, I would now like to forward any requests to that IP:PORT to another IP:PORT, i.e.:
09.876.54.321:3636
Essentially I want to do a request forward 12.345.67.890:3636 -> 09.876.54.321:3636.
How can I go about it in Terminal and if I wanted to change it back how can I go about that too? Is there also a way to test that the data is forwarding and it is set up properly?
Thanks!
Edit: Can I just do as follows, just wondering how I would go about testing it and how I could disable it?
sysctl net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp --dport 3636 -j DNAT --to-destination 09.876.54.321:3636
iptables -t nat -A POSTROUTING -j MASQUERADE
The commands in your question are enough to enable routing and forward 12.345.67.890:3636 to 09.876.54.321:3636.
Use iptables' LOG target to monitor what is happening:
iptables -I FORWARD -j LOG
You should see something like this in /var/log/syslog:
Aug 19 08:43:23 hostname kernel: [190951.964227] IN=eth0 OUT=eth0 SRC=11.22.33.44 DST=09.876.54.321 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=51600 DF PROTO=TCP SPT=41960 DPT=3636 WINDOW=246 RES=0x00 ACK URGP=0
- SRC: Source IP address
- DST: Destination IP address
- SPT: Source port
- DPT: Destination port
Flush iptables rules to clean up everything:
iptables -F
Disabling the port forwarding
When it comes to removing the port routing capability, no answer was given that would switch off the forwarding (experimentally verified on Ubuntu 18.04.2).
Credits: The question by @DT.DTDG is very precisely stated, thanks. This question plus @Eric's answer have helped me solve something, thanks! And I went further in researching this topic, so I want to share the knowledge with the community.
Purging the rules
In order to clean up the routing rules, you need to remove them from the NAT routing table (Network Address Translation table). You achieve this with:
iptables -F -t nat
Otherwise, if you leave out the "-t nat" parameter, the rules mentioned in the question will continue working (e.g. in Ubuntu 18.04.2).
Switch off forwarding
Additionally, the kernel parameter needs a separate command. If you want to get everything cleaned up, you also have to run:
sysctl net.ipv4.ip_forward=0
It is generally strongly advised not to enable forwarding of packets between interfaces in systems that are not routers, for security reasons.
Appendix
All actions typically need escalated privileges; run them preceded with
sudo
or as "root".
Ad-acta. Commands that configure the routing:
CUR_PORT = current machine port
DES_IP = destination machine IP address
DES_PORT = destination machine port
sysctl net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp --dport CUR_PORT -j DNAT --to-destination DES_IP:DES_PORT
iptables -t nat -A POSTROUTING -j MASQUERADE
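Added example, not part of the question or either answer: a script that installs the same forward with rules scoped to the forwarded flow, checks that they are present, and rolls back by deleting exactly those rules instead of flushing whole tables. The addresses are constructed documentation values, and LISTEN_IP, the function names, the APPLY switch and the log prefix are assumptions of this example.

```shell
#!/bin/sh
# Constructed values (RFC 5737 documentation addresses), not taken from the page.
LISTEN_IP="192.0.2.10"     # address this host receives on
CUR_PORT="3636"            # current machine port
DES_IP="198.51.100.20"     # destination machine IP address
DES_PORT="3636"            # destination machine port

# Dry run by default: print each command. Set APPLY=1 (as root) to execute it.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Apply one operation to the three rules; non-zero status if any command fails.
#   $1 = operation for the nat rules (-A, -C or -D)
#   $2 = operation for the LOG rule  (-I, -C or -D)
rules() {
    rc=0
    run iptables -t nat "$1" PREROUTING -d "$LISTEN_IP" -p tcp --dport "$CUR_PORT" \
        -j DNAT --to-destination "$DES_IP:$DES_PORT" || rc=1
    # Rewrite the source address only for the forwarded flow, not all traffic.
    run iptables -t nat "$1" POSTROUTING -d "$DES_IP" -p tcp --dport "$DES_PORT" \
        -j MASQUERADE || rc=1
    # Log only the forwarded flow, tagged so it is easy to grep in syslog.
    run iptables "$2" FORWARD -d "$DES_IP" -p tcp --dport "$DES_PORT" \
        -j LOG --log-prefix "fwd-$CUR_PORT:" || rc=1
    return "$rc"
}

forward_on() {
    run sysctl -w net.ipv4.ip_forward=1 && rules -A -I
}

# Succeeds only if all three rules are currently installed.
forward_check() {
    rules -C -C
}

# Delete exactly what forward_on added; unrelated rules are left alone.
forward_off() {
    rules -D -D
    # Assumes nothing else on this host relies on packet forwarding.
    run sysctl -w net.ipv4.ip_forward=0
}

case "${1:-}" in
    on)    forward_on ;;
    check) forward_check ;;
    off)   forward_off ;;
esac
```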